The State Bank of India (SBI), India's largest lender, has issued a warning for its users to beware of an imminent phishing attack (cyber attack). The Indian Computer Emergency Response Team (CERT-In) on Sunday had warned that in a major phishing attack, millions of Indians could be targeted by fake emails, social media posts or texts messages, which promises free Covid-19 testing across India.
A large-scale cyber attack has been planned by cyber crooks where they may use Covid-19 as bait to steal personal and financial information. Cyber attack conducted by "malicious actors", will be done in the guise of a Covid-19 related with subject like ‘Free COVID-19 Testing’ via emails from ‘firstname.lastname@example.org’.
Attention! It has come to our notice that a cyber attack is going to take place in major cities of India. Kindly refrain yourself from clicking on emails coming from email@example.com with a subject line Free COVID-19 Testing," SBI twteeted on Sunday.
Attention! It has come to our notice that a cyber attack is going to take place in major cities of India. Kindly refrain yourself from clicking on emails coming from firstname.lastname@example.org with a subject line Free COVID-19 Testing. pic.twitter.com/RbZolCjLMW— State Bank of India (@TheOfficialSBI) June 21, 2020
The CERT-In warning advisory added that there would be a phishing email subject line like free Covid-19 testing for all residents of Delhi, Mumbai, Hyderabad, Chennai and Ahmedabad.
In an advisory, Cert-IN said, citing a report from independent researchers who said the attack is being planned by North Korea-based cyber criminals.
It stated, "Phishing campaign is expected to impersonate government agencies, departments and trade associations who have been tasked to oversee the disbursement of the government fiscal aid."
"The malicious group claims to have 2 million individual email addresses and the attack campaign is expected to start on June 21," the Indian government stated.
CERT-In issued advisory on COVID 19-related Phishing Attack Campaign by Malicious Actors. pic.twitter.com/x8WO3TseCM— CERT-In (@IndianCERT) June 20, 2020
"Such emails are designed to drive recipients towards fake websites where they are deceived into downloading malicious les or entering personal and nancial information," CERT-In said in the latest advisory dated June 19.
"It has been reported that these malicious actors are planning to spoof or create fake email Ids impersonating various authorities," it cautioned.
The government also issued preventive measures where it stated that 'not to open' or 'click' on attachment in un-solicited email, sms or messages through social media. It further directed to exercise caution in opening attachments, even if the sender appears to be known.
"Beware of email addresses, spelling errors in emails, websites and unfamiliar email senders," stated the advisory, warning every citizen not to submit personal financial details on unfamiliar or unknown websites or links.
"Beware of emails, links providing special offers like Covid-19 testing, aid, winning prize, rewards, cashback offers," the government advisory stated.